HAQ.NEWS

// Jared Folkins

# Description

Kubesploit is a Command & Control framework for attacking container environments, with modules for both exploitation and defensive checks. Ken Shirriff explores the Intel 8088's prefetch system, which boosts performance by fetching instructions ahead of execution. A tutorial demonstrates exploiting a Metabase vulnerability on a HackTheBox machine. The sr2t tool converts security scan reports into readable tables. A new tool extracts URLs and paths from web pages, with suggested improvements for single-page applications. Researchers exploit a Chrome libwebp vulnerability by shaping heap allocation patterns. Olivier Laflamme's blog teaches emulating IoT firmware with QEMU. reverser_ai offers LLM-assisted reverse engineering on consumer hardware. The rev.ng decompiler has a modern interface and automatic structure detection. NoArgs hides a process's command-line arguments for covert operations. Emora is an open-source tool for finding user accounts from a username. Secure coding guides teach prevention of common security issues. Sysmon can block known-bad executables from being written to disk, as a backup to EDR in critical environments. Understanding how processes are created matters for detection. The SquareX browser extension aims to improve online safety. A vulnerability affecting Samsung devices is exploited through Android's package manager. Scripts find exposed systems using internet search engines. The Auto-Gmail-Creator repository automates Gmail account creation. A Python script for SSH and FTP brute-forcing is discussed. Alisa Esage shares exploit code from Pwn2Own competitions. A guide covers testing AWS security. A repository of reverse shells and antivirus bypasses is offered for educational purposes. A directory lists educational cyber security content and tools. A repository collects resources for the Certified Red Team Expert (CRTE) exam. Cheatsheet-God collects cyber security resources. Command & Control frameworks are central to cyber operations. Code shows how to manipulate a Windows process's command-line arguments.
The International Anti Crime Academy gives guidance on investigating the Dark Web. A researcher combines the old TRACE method with HTTP/2 desync issues for web attacks. A method escalates privileges in Azure. Dangling pointer errors are handled through proper annotation and restructuring, and Chrome's dangling pointer detector crashes the program so they cannot be ignored. "Bob the Smuggler" conceals and encrypts files inside other files to bypass security controls. A DOMPurify deficiency is patched to prevent a sanitization bypass. A method maintains persistent access with a malicious DLL. WindowsHardeningScript hardens Windows 10/11 with system modifications.

# Tradecraft

[#] Kubesploit is a cross-platform post-exploitation Command & Control server and agent, built on Merlin and communicating over HTTP/2, designed for attacking containerized environments; its modules (container breakouts, Kubernetes and kubelet scanning and attacks) are documented in its project files.
Read More @ github.com
[#] Ken Shirriff explores the Intel 8088 microprocessor's prefetch system, detailing how it improved performance by fetching instructions before they were needed and breaking down the design elements that distinguish the 8088 (an 8-bit external data bus and a 4-byte prefetch queue) from the 8086 (16-bit bus, 6-byte queue).
Read More @ righto.com
[#] A cyber security tutorial walks through exploiting CVE-2023-38646 in Metabase, a pre-authentication remote code execution bug reachable through a leaked setup token, to get a shell on the HackTheBox machine Analytics, then uses the GameOver(lay) Ubuntu OverlayFS bugs (CVE-2023-2640 and CVE-2023-32629) to reach root.
Read More @ gitlab.io
[#] sr2t (scanning reports to tabular) converts security scanner output from formats such as XML and JSON into easy-to-read tables in CSV, XLSX, or plain text, streamlining analysis and reporting for security professionals.
Read More @ kitploit.com
[#] A new tool for extracting URLs and paths from web pages is discussed on Reddit; community feedback suggests support for single-page applications, configurable link following, and usage examples, including PowerShell and JavaScript code snippets.
Read More @ reddit.com
[#] To exploit the Chrome vulnerability caused by libwebp's out-of-bounds heap write (CVE-2023-4863), researchers shape Chrome's heap allocation patterns and use cross-thread and cross-bucket techniques to turn the overflow into a use-after-free, ultimately enabling arbitrary code execution.
Read More @ darknavy.org
[#] A blog post by Olivier Laflamme guides readers through emulating IoT firmware with QEMU: setup, firmware extraction with binwalk, system emulation, and resolving emulation errors, with a focus on practical hardware hacking without the physical device.
Read More @ boschko.ca
[#] A new GitHub project, reverser_ai, automates parts of reverse engineering with large language models that run locally on consumer hardware.
Read More @ reddit.com
[#] rev.ng is a next-generation decompiler built on the LLVM compiler framework and VSCode, featuring a modern user interface, automatic data structure detection, and collaborative tools; it targets multiple architectures and is available as both open source and commercial products.
Read More @ rev.ng
[#] NoArgs hooks the CreateProcessW function to manipulate or hide a process's command-line arguments for covert operations, so that monitoring tools that log the command line do not see the real one.
Read More @ securityonline.info
[#] Emora is a new open-source graphical tool that simplifies searching for user accounts across social networks from a single username.
Read More @ securityonline.info
[#] Secure coding guides show how to fix common security issues in different programming languages, focusing on practices that prevent vulnerabilities such as broken access control, cryptographic failures, and injection.
Read More @ devsecopsguides.com
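Two of the classes named above side by side, as an added example that is not code from the guides: an injection bug (a SQL query built by string concatenation next to its parameterised form) and a broken-access-control bug (an object lookup that forgets to check ownership). The table, rows and user names are constructed for the demo; an in-memory SQLite database keeps it offline.

```python
"""Constructed demo of injection and broken access control (added example,
not from the devsecopsguides site). SQLite in-memory, stdlib only."""
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users, one invoice each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, amount INTEGER)")
    db.executemany("INSERT INTO invoices (owner, amount) VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    db.commit()
    return db


# --- Injection ------------------------------------------------------------
def invoices_for_vulnerable(db: sqlite3.Connection, owner: str) -> List[Tuple]:
    # BUG: user input is spliced into the SQL text, so a quote in `owner`
    # rewrites the WHERE clause instead of being compared as a value.
    sql = f"SELECT id, owner, amount FROM invoices WHERE owner = '{owner}'"
    return db.execute(sql).fetchall()


def invoices_for_safe(db: sqlite3.Connection, owner: str) -> List[Tuple]:
    # Placeholder binding: the driver passes `owner` as data, never as SQL.
    return db.execute("SELECT id, owner, amount FROM invoices WHERE owner = ?",
                      (owner,)).fetchall()


# --- Broken access control ------------------------------------------------
def get_invoice_vulnerable(db: sqlite3.Connection, invoice_id: int,
                           current_user: str) -> Optional[Tuple]:
    # BUG (IDOR): the record goes to whoever supplies its id; current_user is ignored.
    return db.execute("SELECT id, owner, amount FROM invoices WHERE id = ?",
                      (invoice_id,)).fetchone()


def get_invoice_safe(db: sqlite3.Connection, invoice_id: int,
                     current_user: str) -> Optional[Tuple]:
    # Ownership is part of the query, so a foreign id yields nothing rather
    # than somebody else's data.
    return db.execute("SELECT id, owner, amount FROM invoices WHERE id = ? AND owner = ?",
                      (invoice_id, current_user)).fetchone()


if __name__ == "__main__":
    db = make_db()
    attack = "x' OR '1'='1"
    print("vulnerable:", invoices_for_vulnerable(db, attack))   # every row leaks
    print("safe:      ", invoices_for_safe(db, attack))         # no such owner: []
    print("IDOR:      ", get_invoice_vulnerable(db, 2, "alice"))  # bob's invoice
    print("checked:   ", get_invoice_safe(db, 2, "alice"))        # None
```

The injection payload turns `WHERE owner = 'x' OR '1'='1'` into a tautology and dumps the table; the bound-parameter version looks for a literal owner named `x' OR '1'='1` and finds nothing. The access-control fix is the same idea applied to authorisation: make the caller's identity part of the lookup rather than a value the handler happens to receive and ignore.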
[#] Sysmon's FileBlockExecutable rule (Event ID 27) can be configured with the hashes of known threats such as HermeticWiper so that the executable is blocked from being written to disk before it can ever run, serving as a backup to EDR systems, especially in critical infrastructure environments.
Read More @ medium.com
[#] Understanding how attackers create processes is crucial for detection: some techniques use explicit process creation, where the attacker's process is the identifiable parent, while others rely on implicit creation through an intermediary such as WMI or a scheduled task, which is harder to attribute and changes how effective parent-child monitoring is.
Read More @ specterops.io
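The distinction in practice, as an added example that is not code from the SpecterOps post: constructed Sysmon Event ID 1 records run through two rules. A rule keyed on the attacker's process as parent only fires on explicit creation; when the process is created implicitly through a broker (WMI's WmiPrvSE.exe, the Task Scheduler's svchost.exe instance, the Service Control Manager's services.exe, a COM surrogate), the broker is what Sysmon records as ParentImage and a broker-aware rule is needed. The broker, shell and application lists are assumptions chosen for the demo, not a vendor rule set.

```python
"""Constructed Sysmon Event ID 1 (process creation) records with two detection
rules. Added illustration, not code from the SpecterOps post; the broker and
child-process lists are assumptions for the demo."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcessCreate:
    """The Sysmon EID 1 fields the rules below look at."""
    image: str                     # Image
    parent_image: str              # ParentImage
    command_line: str              # CommandLine
    parent_command_line: str = ""  # ParentCommandLine


# Children worth flagging when spawned by something unexpected (assumed list).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
          "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Interactive applications that have no business spawning a shell (assumed list).
USER_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe", "chrome.exe", "msedge.exe"}
# Brokers that create processes on behalf of a requester: the requester is the
# real origin, but Sysmon records the broker as the parent.
BROKERS = {"wmiprvse.exe": "WMI (Win32_Process.Create)",
           "services.exe": "service start (Service Control Manager)",
           "dllhost.exe": "COM surrogate"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_explicit(ev: ProcessCreate) -> bool:
    """Explicit creation: the attacker's own process is the parent."""
    return basename(ev.parent_image) in USER_APPS and basename(ev.image) in SHELLS


def rule_implicit(ev: ProcessCreate) -> Optional[str]:
    """Implicit creation: a broker is the parent; returns the mechanism, or None."""
    child, parent = basename(ev.image), basename(ev.parent_image)
    if child not in SHELLS:
        return None
    if parent in BROKERS:
        return BROKERS[parent]
    # Task Scheduler runs inside a shared svchost.exe; tell it apart by its service name.
    if parent == "svchost.exe" and "-s schedule" in ev.parent_command_line.lower():
        return "Task Scheduler"
    return None


def triage(events: List[ProcessCreate]) -> Dict[str, list]:
    """Bucket events by which rule (if any) fires on them."""
    out: Dict[str, list] = {"explicit": [], "implicit": [], "unflagged": []}
    for ev in events:
        via = rule_implicit(ev)
        if rule_explicit(ev):
            out["explicit"].append(ev)
        elif via:
            out["implicit"].append((ev, via))
        else:
            out["unflagged"].append(ev)
    return out


# Constructed sample telemetry (paths and command lines invented for the demo).
SAMPLE = [
    # Macro document: Word calls CreateProcess directly, so Word is the parent.
    ProcessCreate(r"C:\Windows\System32\cmd.exe",
                  r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                  "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    # Lateral movement via WMI: the requester may be on another host entirely.
    ProcessCreate(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  r"C:\Windows\System32\wbem\WmiPrvSE.exe",
                  "powershell.exe -nop -w hidden -c Get-Process"),
    # Scheduled task: the Schedule service's svchost instance is the parent.
    ProcessCreate(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\svchost.exe",
                  "cmd.exe /c C:\\Users\\Public\\update.bat",
                  "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule"),
    # Service whose binPath points at a script: services.exe is the parent.
    ProcessCreate(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\services.exe",
                  "cmd.exe /c C:\\Users\\Public\\svc.bat"),
    # Benign baseline: the interactive user opening things from Explorer.
    ProcessCreate(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
    ProcessCreate(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe"),
]

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        print(bucket, len(hits))
```

Only the Word-spawned shell is caught by the parent-keyed rule; the three broker-parented shells are invisible to it and only surface through the broker list plus the Schedule service's command line. For the implicit cases the process that issued the request never appears in the event at all, so attribution means correlating with the requester's own telemetry (the wmic or PowerShell session that made the WMI call, the task or service registration event), not just walking the parent chain.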
[#] SquareX is a browser extension that enhances online safety using a mix of rules, heuristics, machine learning, and isolation to block threats and allow secure interaction with potentially risky websites and files.
Read More @ sqrx.com
[#] CVE-2019-16253, a privilege-escalation bug in Samsung's Text-to-Speech engine, is exploited on Samsung devices to gain system-level access by rolling the app back to a vulnerable version through the Android package manager (pm), using its downgrade and debug flags to sidestep the patched build; the write-up gives the procedure, its implications, and advice to use it carefully.
Read More @ github.com
[#] This repository provides scripts that automate searching for exposed and vulnerable systems with the ZoomEye, Shodan, and Censys search engines, with installation and usage instructions for running the queries.
Read More @ github.com
[#] The GitHub repository "ai-to-ai/Auto-Gmail-Creator" provides a Python script using Selenium and Seleniumwire to automate the creation of Gmail accounts, with capabilities for phone verification through sms-activate.org, automatic or manual user information generation, and options for proxy use, headless browsing, and profile customization.
Read More @ github.com
[#] A Python script for SSH and FTP brute-forcing is described, with setup and usage details for attempting logins against a target from a list of candidate passwords.
Read More @ github.com
[#] Alisa Esage shares exploit code from Pwn2Own competitions, including a JIT type-confusion exploit and a Parallels VM escape, in the badd1e GitHub repository.
Read More @ github.com
[#] This article is a guide for testing the security of AWS environments, demonstrating attacks on weak configurations and suggesting stronger security practices for data storage, Lambda functions, IAM roles, and EC2 instances.
Read More @ hashnode.dev
[#] The repository "Malware-Development" contains experimental C code for creating reverse shells, bypassing antivirus systems, and extracting secret data from memory, aimed at educational purposes in understanding cybersecurity techniques.
Read More @ github.com
[#] The repository presents resources and study notes for the Certified Red Team Expert (CRTE) exam, covering topics such as bypassing PowerShell security controls, Active Directory exploitation, privilege escalation, and related attack techniques.
Read More @ github.com
[#] Cheatsheet-God is a compilation of cyber security resources including scripts, how-to guides, and references for penetration testing, useful for OSCP and other certifications, where contributions and improvements are encouraged.
Read More @ github.com
[#] Command & Control frameworks are essential to modern cyber operations; they have evolved in response to advances in endpoint protection and have become integral for attackers, and for the red teams that emulate them, to manage implants on compromised hosts and avoid detection.
Read More @ archive.org
[#] The provided code shows how to rewrite a Windows process's command-line arguments in memory (the command-line string held in its PEB) so that monitoring tools record one set of arguments while the process executes another.
Read More @ gitbook.io
[#] The International Anti Crime Academy offers guidance on investigating the Dark Web by providing a selection of Dark Web search engines and Pastebin resources to be used with the TOR Browser.
Read More @ iaca-darkweb-tools.com
[#] A researcher found a way to exploit the old TRACE method, which echoes the received request back in the response body, together with HTTP/2 desync issues for web application attacks, combining response smuggling and cache poisoning techniques.
Read More @ portswigger.net
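Why TRACE reflection matters, as an added example that is not code from the PortSwigger research: a loopback HTTP server that implements TRACE as the method is specified (echo the request back with Content-Type message/http) next to a hardened variant that refuses it, and the check a tester would run against either. The cookie value, header names and ports are invented for the demo, and the server is the target, so nothing off-box is contacted.

```python
"""Added example (not PortSwigger's code): TRACE echo server, hardened
variant, and a client check. Loopback only; cookie value is a demo marker."""
import http.client
import threading
from contextlib import contextmanager
from http.server import BaseHTTPRequestHandler, HTTPServer


class _Quiet(BaseHTTPRequestHandler):
    """Common base: no access-log noise and a trivial GET so the server looks normal."""
    def log_message(self, *args):
        pass

    def do_GET(self):
        body = b"hello"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class TraceEnabled(_Quiet):
    """The weak setting: whatever the client sent, Cookie included, comes back."""
    def do_TRACE(self):
        echo = self.raw_requestline  # request line as received, CRLF included
        echo += b"".join(f"{k}: {v}\r\n".encode() for k, v in self.headers.items())
        echo += b"\r\n"
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)


class TraceDisabled(_Quiet):
    """The corrected setting: TRACE is refused and the allowed methods advertised."""
    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET")
        self.send_header("Content-Length", "0")
        self.end_headers()


@contextmanager
def serve(handler):
    """Run `handler` on an ephemeral loopback port for the duration of the block."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    thread = threading.Thread(target=srv.serve_forever, daemon=True)
    thread.start()
    try:
        yield srv.server_address[1]
    finally:
        srv.shutdown()
        srv.server_close()


def trace_reflects(host: str, port: int, marker: str = "session=haqnews-demo") -> tuple:
    """Send TRACE with a recognisable Cookie; return (status, whether it was echoed)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", "/", headers={"Cookie": marker})
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, marker.encode() in body
    finally:
        conn.close()


if __name__ == "__main__":
    with serve(TraceEnabled) as port:
        print("weak:", trace_reflects("127.0.0.1", port))       # (200, True)
    with serve(TraceDisabled) as port:
        print("hardened:", trace_reflects("127.0.0.1", port))   # (405, False)
```

The reflected body is the whole point: anything the client attached to the request, including headers a script cannot normally read, comes back as a response body that a script, an intermediary or a cache can handle like any other content. Desync and smuggling tricks are about getting such a TRACE response delivered to someone other than its sender; the first step in any assessment is simply confirming, as above, that the origin still answers TRACE at all.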
[#] The text outlines a method to escalate privileges in Azure by abusing a Service Principal from a compromised Application Administrator account (typically by adding a new credential to the application and authenticating as the more privileged Service Principal), using AzureHound to find the path and PowerShell to carry out the escalation.
Read More @ redfoxsec.com
[#] When a dangling pointer is reported in your code, annotate it correctly, fix the underlying ownership problem, consider reordering destructors or member declarations, switch to smart pointers where ownership is unclear, and make clean-up happen in the right order, so the pointer can no longer outlive the object it points to.
Read More @ googlesource.com
[#] Chrome has a detector for dangling pointers (raw_ptr values that still point at freed memory); it crashes when such a pointer is released rather than waiting for a dereference, so the bug is surfaced even if the pointer is never used, forcing developers to fix or prevent these pointers.
Read More @ googlesource.com
[#] "Bob the Smuggler" packages a payload for HTML smuggling: the file is encrypted and embedded in an HTML page (or an image), and is reassembled in the victim's browser, so proxies and mail gateways never see the file itself on the wire.
Read More @ github.com
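The smuggling mechanism and its detection counterpart, as an added example that is not Bob the Smuggler's own code: the payload is encrypted (a plain XOR stand-in here; the tool's cipher and page template are not reproduced), base64-embedded in an invented carrier page whose script decrypts it in the browser and triggers a download from a Blob, and then a defender-side routine scores the page on indicators of that pattern and recovers the embedded file for hashing. The payload bytes, key and file name are constructed for the demo, and the indicator list is an assumption.

```python
"""Added example of HTML smuggling (builder) plus a detector/extractor.
Not the tool's code: XOR stand-in cipher, invented page, assumed indicators."""
import base64
import hashlib
import re
from typing import Optional, Tuple


def xor(data: bytes, key: bytes) -> bytes:
    """Symmetric XOR stand-in for the real tool's cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Invented carrier page. str.format placeholders: key, blob, name.
PAGE = """<!doctype html><html><body>
<script>
var key = "{key}";
var blob = "{blob}";
var raw = atob(blob);
var out = new Uint8Array(raw.length);
for (var i = 0; i < raw.length; i++) {{ out[i] = raw.charCodeAt(i) ^ key.charCodeAt(i % key.length); }}
var b = new Blob([out], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(b);
a.download = "{name}";
a.click();
</script>
</body></html>
"""


def build_smuggling_page(payload: bytes, key: str, filename: str) -> str:
    """Attacker side: encrypt, base64-encode and embed the payload in the page."""
    blob = base64.b64encode(xor(payload, key.encode())).decode()
    return PAGE.format(key=key, blob=blob, name=filename)


# Defender side. Indicators a proxy or EDR can look for in fetched HTML (assumed).
INDICATORS = [r"atob\(", r"new Blob\(", r"createObjectURL\(", r"\.download\s*=", r"msSaveOrOpenBlob"]
BLOB_RE = re.compile(r'"([A-Za-z0-9+/]{64,}={0,2})"')   # long base64 string literal
KEY_RE = re.compile(r'var key\s*=\s*"([^"]+)"')            # key shipped inside the page


def smuggling_score(html: str) -> int:
    """Number of indicators present; 3 or more is a strong signal."""
    score = sum(1 for pat in INDICATORS if re.search(pat, html))
    return score + (1 if BLOB_RE.search(html) else 0)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_smuggled(html: str) -> Optional[Tuple[bytes, str]]:
    """Recover the embedded file and its SHA-256 so it can be scanned or hunted."""
    blob, key = BLOB_RE.search(html), KEY_RE.search(html)
    if not blob or not key:
        return None
    payload = xor(base64.b64decode(blob.group(1)), key.group(1).encode())
    return payload, sha256_hex(payload)


if __name__ == "__main__":
    sample = b"MZ" + bytes(range(90))          # constructed stand-in for a PE file
    page = build_smuggling_page(sample, "haqnews-demo-key", "invoice.exe")
    print("score:", smuggling_score(page))      # 5
    got = extract_smuggled(page)
    print("recovered:", got is not None and got[0] == sample)
```

The extractor only works because the key travels with the page, which is the structural weakness of HTML smuggling: whatever the browser needs to rebuild the file is, by definition, present in the HTML a proxy can inspect. Real samples vary the decoding (split blobs, different ciphers, obfuscated JavaScript), so the indicator list needs tuning per environment; the score is a triage signal, not a verdict.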
[#] A deficiency in DOMPurify was found that let XML nodes slip past sanitization, via processing instructions or under custom configurations; patches have been released to close these gaps.
Read More @ slonser.info
[#] The repository details a persistence method based on DLL search-order hijacking: a malicious DLL named cscapi.dll is placed in a directory that explorer.exe searches before the legitimate copy, so the DLL is loaded every time Explorer starts.
Read More @ github.com
[#] The WindowsHardeningScript repository by ZephrFish provides scripts to enhance Windows 10/11 security through system modifications that include file association changes, adjustments to browser and Microsoft Office settings, and advanced logging, with detailed instructions for use available on their GitHub page.
Read More @ github.com

# News

[#] The European Union has adopted anti-money-laundering rules that ban anonymous cryptocurrency accounts and payments through regulated crypto-asset providers and cap cash transactions at €10,000.
Read More @ cryptonews.net
[#] Microsoft is scheduled to block over fifty cloud products for Russian businesses by the end of March 2024, in compliance with EU sanctions.
Read More @ bleepingcomputer.com
[#] The Sign1 malware campaign has compromised over 39,000 WordPress websites, injecting malicious JavaScript that redirects visitors to harmful sites; recent variants rotate URLs dynamically to evade detection, and site owners are advised to secure their admin panels and use monitoring tools.
Read More @ securityaffairs.com
[#] Researchers have disclosed GoFetch, a vulnerability in Apple's M-series chips that lets an attacker extract cryptographic keys through the chips' Data Memory-Dependent Prefetcher (DMP); the M3 can switch the prefetcher off for sensitive code, but earlier chips have no hardware fix, so the risk persists and mitigations fall to software updates (implementations hardened against the DMP) and not sharing hardware with untrusted code.
Read More @ packetstormsecurity.com
[#] Cozy Bear, the Russian cyberespionage group, has been targeting German political parties with phishing emails that deliver a backdoor dubbed WINELOADER.
Read More @ theregister.com
[#] Recent cyber incidents include a $1.8 million theft from a blockchain game by a former contractor, a $2.6 million Twitter phishing scam exploiting a crypto trader's reputation, a potential multi-million dollar hack of a project's password-managed funds, and a string of other serious breaches affecting various crypto platforms, alongside phishing attacks and a darknet market's extortion after an exit scam.
Read More @ web3isgoinggreat.com
[#] The rev.ng decompiler is now open source, and its UI is entering a closed beta stage, aiming to provide a better experience in reverse engineering with features like automatic data structure detection and cleaner C code output, although currently it may not outperform competitors like IDA and Ghidra.
Read More @ reddit.com
[#] Canada may impose restrictions to allow only certified professionals to use the Flipper Zero device after initial plans to ban it were reconsidered due to its role in highlighting security vulnerabilities and not being the main tool for car theft.
Read More @ malwarebytes.com
[#] German police have shut down Nemesis Market, a major darknet marketplace for illegal goods and services, seizing about $100,000 in cryptocurrency and disrupting the cybercriminal operations that ran through it.
Read More @ bleepingcomputer.com
[#] Russian hackers known as APT29, connected to Russia's Foreign Intelligence Service, have targeted German political parties with WineLoader malware through phishing campaigns, and users must remain vigilant against such attacks.
Read More @ bleepingcomputer.com
[#] A malware called Sign1 targeting WordPress sites has infected over 39,000 websites, injecting code that redirects to scams, with researchers advising site owners to update WordPress, practice strong security, and scan for malware.
Read More @ hackread.com
[#] Chinese state-linked hackers exploited vulnerabilities in F5 BIG-IP and ConnectWise ScreenConnect to break into US and UK government and defence organisations and sell the access, using tooling linked to China's Ministry of State Security.
Read More @ theregister.com
[#] Researchers discovered vulnerabilities in Dormakaba Saflok electronic locks, collectively called Unsaflok, that allow forging keycards that open doors at 13,000 properties worldwide; Dormakaba released mitigations in November 2023.
Read More @ securityaffairs.com
[#] Mozilla fixed two serious Firefox vulnerabilities (CVE-2024-29943 and CVE-2024-29944) demonstrated at the Pwn2Own Vancouver 2024 hacking contest; chained, they could let an attacker install malware, steal data, or take control of a system, so users should update Firefox immediately.
Read More @ securityonline.info
[#] In recent cyber incidents, a developer stole $900,000 in a token scam, Super Sushi Samurai game was exploited for $4.6 million but funds were returned, AirDAO faced a social engineering attack losing over $1 million, Dolomite DEX lost $1.8 million due to a contract bug, the SEC is investigating the Ethereum Foundation, BitMEX experienced a flash crash due to aggressive selling, Slerf failed in presale leading to trading mania, Wilder World game suffered a loss due to a contractor, a Twitter phisher imitating a trader scammed followers out of $2.6 million, and the Remilia Collective was hacked losing several million in ETH and NFTs.
Read More @ web3isgoinggreat.com
[#] The Great Firewall Report platform focuses on monitoring and informing about China's internet censorship, reporting on methods to detect and bypass encryption blocking, and providing practical guides for deploying censorship-resistant servers.
Read More @ gfw.report
[#] Synacktiv is a cybersecurity firm offering intrusion testing, incident response, training, reverse-engineering, development, and their own CSIRT, with offices in Paris, Toulouse, Lyon, Rennes, and Lille.
Read More @ synacktiv.com
[#] The 'lectures' directory is no longer present on the master branch of the RPISEC Malware repository on GitHub; the expected content has been moved or removed.
Read More @ github.com
[#] The cybersecurity group Unit 42 has detailed the FalseFont backdoor malware used by a suspected Iranian espionage group targeting the aerospace and defense industries, with protections and solutions provided by Palo Alto Networks products.
Read More @ paloaltonetworks.com
[#] The linked GitHub Pages site is not available at this URL; the GitHub Pages documentation explains how to set up a page for a repository, organization, or user account.
Read More @ github.io

# F.A.Q

Problem

Many websites use AI/ML to create clickbait that has no valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ: 2024-03-24

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins